CCE-97210-9
Platform: cpe:/o:microsoft:windows_11 | Date: (C)2023-11-22 (M)2023-11-22 |
This policy setting determines whether Enhanced Phishing Protection is in audit mode. This allows notifications to be sent to users regarding unsafe password events. Additionally, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.
Allowing Enhanced Phishing Protection the ability to warn users about unsafe password use could prevent phishing attempts and (credential) data loss. In addition, the Microsoft 365 Defender Portal provides valuable phishing sensor data found in the environment.
The recommended state for this setting is: Enabled
Default Value: Disabled.
Fix: To establish the recommended configuration via GP, set the following UI path to Enabled:
(1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!ServiceEnabled
Parameter:
[Enabled/Disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components!ServiceEnabled
CCSS Severity: | CCSS Metrics: |
CCSS Score: 4.8 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 2.5 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: NONE |